Thank you; good to hear you like the book.
The behavior you're describing is built in the ASP.NET Framework. When you try to access a page you don't have permissions to (determined by the <location /> element in this case, ASP.NET automatically redirects you to the Login.aspx page. You can override the actual Login page (in case your login page is placed in a different folder or has a different name) by setting the loginUrl attribute on the forms element like this:
<forms loginUrl="~/SomeFolder/SomePage.aspx" timeout="2880" />
Obviously, in this example, SomePage.aspx does need to exist and contain a Login control.
Hope this helps,